diff --git a/lib/WebGUI/Form.pm b/lib/WebGUI/Form.pm index 230b6952f..b1ce019d4 100644 --- a/lib/WebGUI/Form.pm +++ b/lib/WebGUI/Form.pm @@ -887,7 +887,7 @@ sub group { tie %hash, 'Tie::IxHash'; my $exclude = $_[0]->{excludeGroups}; if ($$exclude[0] ne "") { - $where = "and groupId not in (".join(",",@$exclude).")"; + $where = "and groupId not in (".quoteAndJoin($exclude).")"; } %hash = WebGUI::SQL->buildHash("select groupId,groupName from groups where showInForms=1 $where order by groupName"); return selectList({ diff --git a/lib/WebGUI/Group.pm b/lib/WebGUI/Group.pm index 193e89038..177f55305 100755 --- a/lib/WebGUI/Group.pm +++ b/lib/WebGUI/Group.pm @@ -17,6 +17,7 @@ package WebGUI::Group; use strict; use Tie::CPHash; use WebGUI::DateTime; +use WebGUI::Id; use WebGUI::Grouping; use WebGUI::Session; use WebGUI::SQL; @@ -67,9 +68,9 @@ These methods are available from this class: #------------------------------------------------------------------- sub _create { - my $groupId = getNextId("groupId"); + my $groupId = WebGUI::Id::generate(); WebGUI::SQL->write("insert into groups (groupId,dateCreated,expireOffset,karmaThreshold) values - ($groupId,".time().",314496000,1000000000)"); + (".quote($groupId).",".time().",314496000,1000000000)"); WebGUI::Grouping::addGroupsToGroups([3],[$groupId]); return $groupId; } @@ -117,7 +118,7 @@ sub autoAdd { if (defined $value) { $class->{_group}{"autoAdd"} = $value; WebGUI::SQL->write("update groups set autoAdd=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"autoAdd"}; } @@ -146,7 +147,7 @@ sub autoDelete { if (defined $value) { $class->{_group}{"autoDelete"} = $value; WebGUI::SQL->write("update groups set autoDelete=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"autoDelete"}; } 
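Review bot: `_create` now stores a `WebGUI::Id::generate()` value, so groupId stops being an integer, yet nothing in this commit changes the column types of `groups`, `groupings` or `groupGroupings` or adds an upgrade step; if those columns are still numeric the quoted string id is truncated or rejected on insert and every later `quote($class->{_groupId})` lookup misses. The numeric uses of group ids that remain — `addGroupsToGroups([3],[$groupId])` here and `$session{form}{gid} < 26` in Operation/Group.pm further down this page — also deserve a second look once ids are strings. A comment above the insert would spare the next reader the surprise: `# groupId is a generated string id (WebGUI::Id), not an auto-increment integer; the column must be a string type`. The Form.pm hunk calls `quoteAndJoin` unqualified and so depends on `use WebGUI::SQL;` importing it, which is outside the hunk.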
@@ -174,9 +175,9 @@ Deletes this group and all references to it. =cut sub delete { - WebGUI::SQL->write("delete from groups where groupId=".$_[0]->{_groupId}); - WebGUI::SQL->write("delete from groupings where groupId=".$_[0]->{_groupId}); - WebGUI::SQL->write("delete from groupGroupings where inGroup=".$_[0]->{_groupId}." or groupId=".$_[0]->{_groupId}); + WebGUI::SQL->write("delete from groups where groupId=".quote($_[0]->{_groupId})); + WebGUI::SQL->write("delete from groupings where groupId=".quote($_[0]->{_groupId})); + WebGUI::SQL->write("delete from groupGroupings where inGroup=".quote($_[0]->{_groupId})." or groupId=".quote($_[0]->{_groupId})); } #------------------------------------------------------------------- @@ -223,7 +224,7 @@ sub deleteOffset { if (defined $value) { $class->{_group}{"deleteOffset"} = $value; WebGUI::SQL->write("update groups set deleteOffset=$value, - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"deleteOffset"}; } @@ -252,7 +253,7 @@ sub description { if (defined $value) { $class->{_group}{"description"} = $value; WebGUI::SQL->write("update groups set description=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"description"}; } @@ -281,7 +282,7 @@ sub expireNotify { if (defined $value) { $class->{_group}{"expireNotify"} = $value; WebGUI::SQL->write("update groups set expireNotify=$value, - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"expireNotify"}; } 
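Review bot: The context line `WebGUI::SQL->write("update groups set deleteOffset=$value,` in the deleteOffset hunk still interpolates the caller-supplied value straight into the statement, while the sibling setters (description, expireOffset) pass it through `quote($value)`; the same unquoted `=$value` remains in expireNotify on this line and in expireNotifyOffset on the next. Since this commit is the one that quotes the `where` side of these statements, the set side should get the same treatment: `update groups set deleteOffset=".quote($value).",`. These setter bodies start outside their hunks.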
@@ -310,7 +311,7 @@ sub expireNotifyMessage { if (defined $value) { $class->{_group}{"expireNotifyMessage"} = $value; WebGUI::SQL->write("update groups set expireNotifyMessage=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"expireNotifyMessage"}; } @@ -340,7 +341,7 @@ sub expireNotifyOffset { if (defined $value) { $class->{_group}{"expireNotifyOffset"} = $value; WebGUI::SQL->write("update groups set expireNotifyOffset=$value, - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"expireNotifyOffset"}; } @@ -369,7 +370,7 @@ sub expireOffset { if (defined $value) { $class->{_group}{"expireOffset"} = $value; WebGUI::SQL->write("update groups set expireOffset=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"expireOffset"}; } @@ -433,7 +434,7 @@ sub karmaThreshold { if (defined $value) { $class->{_group}{"karmaThreshold"} = $value; WebGUI::SQL->write("update groups set karmaThreshold=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"karmaThreshold"}; } @@ -462,7 +463,7 @@ sub ipFilter { if (defined $value) { $class->{_group}{"ipFilter"} = $value; WebGUI::SQL->write("update groups set ipFilter=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"ipFilter"}; } 
@@ -491,7 +492,7 @@ sub isEditable { if (defined $value) { $class->{_group}{"isEditable"} = $value; WebGUI::SQL->write("update groups set isEditable=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"isEditable"}; } @@ -533,7 +534,7 @@ sub name { if (defined $value) { $class->{_group}{"groupName"} = $value; WebGUI::SQL->write("update groups set groupName=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"groupName"}; } @@ -571,7 +572,7 @@ sub new { $group{databaseLinkId} = 0; $group{dbCacheTimeout} = 3600; } else { - %group = WebGUI::SQL->quickHash("select * from groups where groupId='$groupId'"); + %group = WebGUI::SQL->quickHash("select * from groups where groupId=".quote($groupId)); } bless {_groupId => $groupId, _group => \%group }, $class; } @@ -599,7 +600,7 @@ sub scratchFilter { if (defined $value) { $class->{_group}{"scratchFilter"} = $value; WebGUI::SQL->write("update groups set scratchFilter=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"scratchFilter"}; } @@ -627,7 +628,7 @@ sub showInForms { if (defined $value) { $class->{_group}{"showInForms"} = $value; WebGUI::SQL->write("update groups set showInForms=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"showInForms"}; } @@ -635,7 +636,7 @@ sub showInForms { #------------------------------------------------------------------- -=head2 lastUpdated ( ) +=head2 dbQuery ( ) =head2 dbQuery ( [ value ] ) 
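Review bot: The POD hunk replaces `=head2 lastUpdated ( )` with `=head2 dbQuery ( )`, which leaves two adjacent headings for one method (`=head2 dbQuery ( )` directly followed by `=head2 dbQuery ( [ value ] )`); the first looks like a leftover and should be deleted rather than renamed. In `new` the quoted lookup is right, but an unknown `$groupId` now yields an empty `%group` and the object is still blessed; if that is intended, a one-line comment such as `# an unknown id yields an object with an empty _group; callers must check` would help, and if not, the else branch should test `%group`. `new` starts outside the hunk.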
@@ -658,7 +659,7 @@ sub dbQuery { if (defined $value) { $class->{_group}{"dbQuery"} = $value; WebGUI::SQL->write("update groups set dbQuery=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"dbQuery"}; } @@ -686,7 +687,7 @@ sub databaseLinkId { if (defined $value) { $class->{_group}{"databaseLinkId"} = $value; WebGUI::SQL->write("update groups set databaseLinkId=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"databaseLinkId"}; } @@ -714,7 +715,7 @@ sub dbCacheTimeout { if (defined $value) { $class->{_group}{"dbCacheTimeout"} = $value; WebGUI::SQL->write("update groups set dbCacheTimeout=".quote($value).", - lastUpdated=".time()." where groupId=$class->{_groupId}"); + lastUpdated=".time()." where groupId=".quote($class->{_groupId})); } return $class->{_group}{"dbCacheTimeout"}; } diff --git a/lib/WebGUI/Grouping.pm b/lib/WebGUI/Grouping.pm index 483b2c807..576488a1a 100755 --- a/lib/WebGUI/Grouping.pm +++ b/lib/WebGUI/Grouping.pm @@ -76,10 +76,10 @@ sub addGroupsToGroups { foreach my $gid (@{$_[0]}) { foreach my $toGid (@{$_[1]}) { my ($isIn) = WebGUI::SQL->quickArray("select count(*) from groupGroupings - where groupId=$gid and inGroup=$toGid"); + where groupId=".quote($gid)." and inGroup=".quote($toGid)); my $recursive = isIn($toGid, @{getGroupsInGroup($gid,1)}); unless ($isIn || $recursive) { - WebGUI::SQL->write("insert into groupGroupings (groupId,inGroup) values ($gid,$toGid)"); + WebGUI::SQL->write("insert into groupGroupings (groupId,inGroup) values (".quote($gid).",".quote($toGid).")"); } } } 
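Review bot: In addGroupsToGroups the recursion guard `isIn($toGid, @{getGroupsInGroup($gid,1)})` compares group ids through a helper whose comparison operator is not visible here; now that `_create` produces string ids from `WebGUI::Id::generate()`, an `==`-based isIn would numify them and the cycle check would silently stop working, so confirm it compares with `eq`. The `select count(*)` probe followed by the insert is also not atomic; a unique key on (groupId,inGroup) is the durable guard, with the count only there to avoid the duplicate error. The nested foreach loops begin outside the hunk.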
@@ -116,13 +116,13 @@ sub addUsersToGroups { if ($_[2]) { $expireOffset = $_[2]; } else { - ($expireOffset) = WebGUI::SQL->quickArray("select expireOffset from groups where groupId=$gid"); + ($expireOffset) = WebGUI::SQL->quickArray("select expireOffset from groups where groupId=".quote($gid)); } foreach my $uid (@{$_[0]}) { - my ($isIn) = WebGUI::SQL->quickArray("select count(*) from groupings where groupId=$gid and userId=$uid"); + my ($isIn) = WebGUI::SQL->quickArray("select count(*) from groupings where groupId=".quote($gid)." and userId=".quote($uid)); unless ($isIn) { WebGUI::SQL->write("insert into groupings (groupId,userId,expireDate) - values ($gid, $uid, ".(WebGUI::DateTime::time()+$expireOffset).")"); + values (".quote($gid).", ".quote($uid).", ".(WebGUI::DateTime::time()+$expireOffset).")"); } } } @@ -151,7 +151,7 @@ An array reference containing the list of group ids to delete from. sub deleteGroupsFromGroups { foreach my $gid (@{$_[0]}) { foreach my $fromGid (@{$_[1]}) { - WebGUI::SQL->write("delete from groupGroupings where groupId=$gid and inGroup=".$fromGid); + WebGUI::SQL->write("delete from groupGroupings where groupId=".quote($gid)." and inGroup=".quote($fromGid)); } } } @@ -180,7 +180,7 @@ An array reference containing a list of groups. sub deleteUsersFromGroups { foreach my $gid (@{$_[1]}) { foreach my $uid (@{$_[0]}) { - WebGUI::SQL->write("delete from groupings where groupId=$gid and userId=$uid"); + WebGUI::SQL->write("delete from groupings where groupId=".quote($gid)." and userId=".quote($uid)); } } } @@ -203,7 +203,7 @@ A unique identifier for the group. =cut sub getGroupsForGroup { - return WebGUI::SQL->buildArrayRef("select inGroup from groupGroupings where groupId=$_[0]"); + return WebGUI::SQL->buildArrayRef("select inGroup from groupGroupings where groupId=".quote($_[0])); } 
@@ -236,7 +236,7 @@ sub getGroupsForUser { } elsif (exists $session{gotGroupsForUser}{$userId}) { return $session{gotGroupsForUser}{$userId}; } else { - my @groups = WebGUI::SQL->buildArray("select groupId from groupings where userId=$userId $clause"); + my @groups = WebGUI::SQL->buildArray("select groupId from groupings where userId=".quote($userId)." $clause"); foreach my $gid (@groups) { $session{isInGroup}{$userId}{$gid} = 1; } @@ -276,7 +276,7 @@ sub getGroupsInGroup { } elsif (exists $session{gotGroupsInGroup}{recursive}{$groupId}) { return $session{gotGroupsInGroup}{direct}{$groupId}; } - my $groups = WebGUI::SQL->buildArrayRef("select groupId from groupGroupings where inGroup=$groupId"); + my $groups = WebGUI::SQL->buildArrayRef("select groupId from groupGroupings where inGroup=".quote($groupId)); if ($isRecursive) { $loopCount++; if ($loopCount > 99) { @@ -317,11 +317,11 @@ A boolean value to determine whether the method should return the users directly =cut sub getUsersInGroup { - my $clause = "groupId=$_[0]"; + my $clause = "groupId=".quote($_[0]); if ($_[1]) { my $groups = getGroupsInGroup($_[0],1); if ($#$groups >= 0) { - $clause .= " or groupId in (".join(",",@$groups).")"; + $clause .= " or groupId in (".quoteAndJoin($groups).")"; } } return WebGUI::SQL->buildArrayRef("select userId from groupings where $clause"); @@ -376,7 +376,7 @@ sub isInGroup { } ### Get data for auxillary checks. tie %group, 'Tie::CPHash'; - %group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter,databaseLinkId,dbQuery,dbCacheTimeout from groups where groupId='$gid'"); + %group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter,databaseLinkId,dbQuery,dbCacheTimeout from groups where groupId=".quote($gid)); ### Check IP Address if ($group{ipFilter} ne "") { $group{ipFilter} =~ s/\t//g; 
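Review bot: In getGroupsForUser the new line quotes `$userId` but still appends `$clause` verbatim; its construction is outside the hunk, so if any part of it comes from caller data it stays unparameterised — worth confirming it is built only from literals and `time()`, and a short comment on the line (`# $clause holds only a literal expireDate predicate`) would record that. In getGroupsInGroup the `$loopCount > 99` guard depends on where `$loopCount` is declared, which is not visible; if it is file-scoped it is never reset between calls. Both enclosing functions start outside their hunks.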
@@ -413,7 +413,7 @@ sub isInGroup { if ($uid == $session{user}{userId}) { $karma = $session{user}{karma}; } else { - ($karma) = WebGUI::SQL->quickHash("select karma from users where userId='$uid'"); + ($karma) = WebGUI::SQL->quickHash("select karma from users where userId=".quote($uid)); } if ($karma >= $group{karmaThreshold}) { $session{isInGroup}{$uid}{$gid} = 1; @@ -497,10 +497,10 @@ If specified the admin flag will be set to this value. sub userGroupAdmin { if ($_[2] ne "") { - WebGUI::SQL->write("update groupings set groupAdmin=$_[2] where groupId=$_[1] and userId=$_[0]"); + WebGUI::SQL->write("update groupings set groupAdmin=".quote($_[2])." where groupId=".quote($_[1])." and userId=".quote($_[0])); return $_[2]; } else { - my ($admin) = WebGUI::SQL->quickArray("select groupAdmin from groupings where groupId=$_[1] and userId=$_[0]"); + my ($admin) = WebGUI::SQL->quickArray("select groupAdmin from groupings where groupId=".quote($_[1])." and userId=".quote($_[0])); return $admin; } } @@ -531,11 +531,10 @@ If specified the expire date will be set to this value. sub userGroupExpireDate { if ($_[2]) { - WebGUI::SQL->write("update groupings set expireDate=$_[2] where groupId=$_[1] and userId=$_[0]"); + WebGUI::SQL->write("update groupings set expireDate=".quote($_[2])." where groupId=".quote($_[1])." and userId=".quote($_[0])); return $_[2]; } else { - my ($expireDate) = WebGUI::SQL->quickArray("select expireDate from groupings - where groupId=$_[1] and userId=$_[0]"); + my ($expireDate) = WebGUI::SQL->quickArray("select expireDate from groupings where groupId=".quote($_[1])." and userId=".quote($_[0])); return $expireDate; } } diff --git a/lib/WebGUI/Operation/Group.pm b/lib/WebGUI/Operation/Group.pm index cd2be5da0..5e937e0f0 100644 --- a/lib/WebGUI/Operation/Group.pm +++ b/lib/WebGUI/Operation/Group.pm 
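Review bot: `($karma) = WebGUI::SQL->quickHash("select karma from users where userId=".quote($uid))` assigns the first element of a returned hash list — which, judging by `%group = WebGUI::SQL->quickHash(...)` earlier in the same function, is the column name `karma`, not its value — so `$karma >= $group{karmaThreshold}` compares a non-numeric string against the threshold. Every other single-value read on this page uses `quickArray`; the line should read `($karma) = WebGUI::SQL->quickArray("select karma from users where userId=".quote($uid));`. The removed line had the same shape, so the defect is pre-existing, but the line is being rewritten anyway. isInGroup starts outside the hunk.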
@@ -86,7 +86,7 @@ sub doGroupSearch { } $keyword = quote($keyword); my $sql = "select groupId,groupName,description from groups where isEditable=1 and (groupName like $keyword or description like $keyword) - and groupId not in (".join(",",@{$groupFilter}).") order by groupName"; + and groupId not in (".quoteAndJoin($groupFilter).") order by groupName"; if ($returnPaginator) { my $p = WebGUI::Paginator->new(WebGUI::URL::page($op)); $p->setDataByQuery($sql); @@ -186,7 +186,7 @@ sub www_autoDeleteFromGroup { sub www_deleteGroup { return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3)); my ($output); - return WebGUI::Privilege::vitalComponent() if ($session{form}{gid} < 26); + return WebGUI::Privilege::vitalComponent() if ($session{form}{gid} < 26 && $session{form}{gid} > 0); $output .= helpIcon("group delete"); $output .= '
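Review bot: `and groupId not in (".quoteAndJoin($groupFilter).")` produces `not in ()` when `$groupFilter` is empty, because quoteAndJoin returns the empty string for an empty list and an empty IN list is a SQL syntax error; getUsersInGroup guards with `if ($#$groups >= 0)` and Form.pm with `$$exclude[0] ne ""`, but this hunk shows no guard. Emit the clause only when there is something to exclude, e.g. `my $filter = @$groupFilter ? " and groupId not in (".quoteAndJoin($groupFilter).")" : "";` and interpolate `$filter` into `$sql`. `quote($keyword)` stops injection but leaves `%` and `_` active as LIKE wildcards, which is acceptable for a search box and worth a comment. doGroupSearch starts outside the hunk.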

'.WebGUI::International::get(42).'

'; $output .= WebGUI::International::get(86).'

'; @@ -200,7 +200,7 @@ sub www_deleteGroup { #------------------------------------------------------------------- sub www_deleteGroupConfirm { return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3)); - return WebGUI::Privilege::vitalComponent() if ($session{form}{gid} < 26); + return WebGUI::Privilege::vitalComponent() if ($session{form}{gid} < 26 && $session{form}{gid} > 0); my $g = WebGUI::Group->new($session{form}{gid}); $g->delete; return www_listGroups(); @@ -356,7 +356,7 @@ sub www_emailGroupSend { return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3)); my ($sth, $email); $sth = WebGUI::SQL->read("select b.fieldData from groupings a left join userProfileData b - on a.userId=b.userId and b.fieldName='email' where a.groupId=$session{form}{gid}"); + on a.userId=b.userId and b.fieldName='email' where a.groupId=".quote($session{form}{gid})); while (($email) = $sth->array) { if ($email ne "") { WebGUI::Mail::send($email,$session{form}{subject},$session{form}{message},'',$session{form}{from}); @@ -380,7 +380,7 @@ sub www_listGroups { .WebGUI::International::get(748).''; my $p = doGroupSearch("op=listGroups",1); foreach my $row (@{$p->getPageData}) { - my ($userCount) = WebGUI::SQL->quickArray("select count(*) from groupings where groupId=".$row->{groupId}); + my ($userCount) = WebGUI::SQL->quickArray("select count(*) from groupings where groupId=".quote($row->{groupId})); $output .= ' {groupId}).'">'.$row->{groupName}.' @@ -408,7 +408,7 @@ sub www_listGroups2 { $row[$i] .= ''.$data[1].''; $row[$i] .= ''.$data[2].''; - ($userCount) = WebGUI::SQL->quickArray("select count(*) from groupings where groupId=$data[0]"); + ($userCount) = WebGUI::SQL->quickArray("select count(*) from groupings where groupId=".quote($data[0])); $row[$i] .= ''.$userCount.''; $row[$i] .= ''; $i++; 
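Review bot: `$session{form}{gid} < 26 && $session{form}{gid} > 0` in www_deleteGroup compares numerically a form value that, after this commit, may be a generated string id; Perl numifies the leading digits, so an id beginning with digits (constructed example: `12ab...`) would be treated as a vital component and one beginning with a letter numifies to 0 with an "isn't numeric" warning. Establish first that the id is purely numeric: `my $gid = $session{form}{gid}; return WebGUI::Privilege::vitalComponent() if ($gid =~ /\A\d+\z/ && $gid > 0 && $gid < 26);`. The identical condition in www_deleteGroupConfirm on this line should change with it, ideally through one private `_isVitalGroup` helper so the two cannot drift.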
@@ -431,16 +431,16 @@ sub www_listGroupsSecondary { return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(11)); my ($output, $p, $sth, @data, @row, $i, $userCount); $output .= '

'.WebGUI::International::get(89).'

'; - my @editableGroups = WebGUI::SQL->buildArray("select groupId from groupings where userId=$session{user}{userId} and groupAdmin=1"); + my @editableGroups = WebGUI::SQL->buildArray("select groupId from groupings where userId=".quote($session{user}{userId})." and groupAdmin=1"); push (@editableGroups,0); $sth = WebGUI::SQL->read("select groupId,groupName,description from groups - where groupId in (".join(",",@editableGroups).") order by groupName"); + where groupId in (".quoteAndJoin(\@editableGroups).") order by groupName"); while (@data = $sth->array) { $row[$i] = ''; $row[$i] .= ''.$data[1].''; $row[$i] .= ''.$data[2].''; - ($userCount) = WebGUI::SQL->quickArray("select count(*) from groupings where groupId=$data[0]"); + ($userCount) = WebGUI::SQL->quickArray("select count(*) from groupings where groupId=".quote($data[0])); $row[$i] .= ''.$userCount.''; $row[$i] .= ''; $i++; @@ -482,7 +482,7 @@ sub www_manageGroupsInGroup { $p = WebGUI::Paginator->new(WebGUI::URL::page('op=manageGroupsInGroup&gid='.$session{form}{gid})); $p->setDataByQuery("select a.groupName as name,a.groupId as id from groups a left join groupGroupings b on a.groupId=b.groupId - where b.inGroup=$session{form}{gid} order by a.groupName"); + where b.inGroup=".quote($session{form}{gid})." order by a.groupName"); $groups = $p->getPageData; foreach $group (@$groups) { $output .= '' @@ -518,7 +518,7 @@ sub www_manageUsersInGroup { '.WebGUI::International::get(369).''; my $p = WebGUI::Paginator->new("op=manageUsersInGroup&gid=".$session{form}{gid}); $p->setDataByQuery("select users.username,users.userId,groupings.expireDate - from groupings,users where groupings.groupId=$session{form}{gid} and groupings.userId=users.userId + from groupings,users where groupings.groupId=".quote($session{form}{gid})." and groupings.userId=users.userId order by users.username"); foreach my $row (@{$p->getPageData}) { $output .= '' 
@@ -575,7 +575,7 @@ sub www_manageUsersInGroupSecondary { my $existingUsers = WebGUI::Grouping::getUsersInGroup($session{form}{gid}); push(@{$existingUsers},"1"); push(@{$existingUsers},"3"); - my $users = WebGUI::SQL->buildHashRef("select userId,username from users where status='Active' and userId not in (".join(",",@{$existingUsers}).") order by username"); + my $users = WebGUI::SQL->buildHashRef("select userId,username from users where status='Active' and userId not in (".quoteAndJoin($existingUsers).") order by username"); $f->selectList( -name=>"users", -label=>WebGUI::International::get(976), @@ -589,7 +589,7 @@ sub www_manageUsersInGroupSecondary { '.WebGUI::International::get(50).' '.WebGUI::International::get(369).''; $sth = WebGUI::SQL->read("select users.username,users.userId,groupings.expireDate - from groupings,users where groupings.groupId=$session{form}{gid} and groupings.userId=users.userId + from groupings,users where groupings.groupId=".quote($session{form}{gid})." and groupings.userId=users.userId order by users.username"); while (%hash = $sth->hash) { $output .= '' diff --git a/lib/WebGUI/SQL.pm b/lib/WebGUI/SQL.pm index 36532fd2d..76774777f 100644 --- a/lib/WebGUI/SQL.pm +++ b/lib/WebGUI/SQL.pm @@ -23,7 +23,7 @@ use WebGUI::Session; use WebGUI::Utility; our @ISA = qw(Exporter); -our @EXPORT = qw("e &getNextId); +our @EXPORT = qw("e &getNextId "eAndJoin); =head1 NAME 
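Review bot: Adding quoteAndJoin to `@EXPORT` (the line renders here as `"e ... "eAndJoin`, presumably `&quote ... &quoteAndJoin` with entity damage) makes it a default export into every package that does `use WebGUI::SQL;`, which is what the unqualified calls in Form.pm, Grouping.pm, Operation/Group.pm and Wobject.pm rely on. That mirrors how `quote` is already exported, but new symbols are better placed in `@EXPORT_OK` with explicit import lists so callers declare what they use and name clashes stay visible. The `&` sigils in the list are unnecessary: `our @EXPORT = qw(quote getNextId quoteAndJoin);`.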
@@ -670,11 +670,43 @@ The database handler. Defaults to the WebGUI database handler. =cut sub quote {
- my $value = shift; #had to add this here cuz Tie::CPHash variables cause problems otherwise.
+ my $value = shift;
 my $dbh = shift || _getDefaultDb(); return $dbh->quote($value); }
+#-------------------------------------------------------------------
+
+=head2 quoteAndJoin ( arrayRef [ , dbh ] )
+
+Returns a comma seperated string quoted and ready for insert/select into/from the database. This is typically used for a statement like "select * from someTable where field in (".quoteAndJoin(\@strings).")".
+
+NOTE: This is not a regular method, but is an exported subroutine.
+
+=over
+
+=item arrayRef
+
+An array reference containing strings to be quoted.
+
+=item dbh
+
+The database handler. Defaults to the WebGUI database handler.
+
+=back
+
+=cut
+
+sub quoteAndJoin {
+ my $arrayRef = shift;
+ my $dbh = shift || _getDefaultDb();
+ my @newArray;
+ foreach my $value (@$arrayRef) {
+ push(@newArray,$dbh->quote($value));
+ }
+ return join(",",@newArray);
+}
+
 #-------------------------------------------------------------------
diff --git a/lib/WebGUI/Wobject.pm b/lib/WebGUI/Wobject.pm
index 4c0c872fe..f51e16030 100644
--- a/lib/WebGUI/Wobject.pm
+++ b/lib/WebGUI/Wobject.pm
@@ -1426,7 +1426,7 @@ sub www_edit { if (WebGUI::Grouping::isInGroup(3)) { my $contentManagers = WebGUI::Grouping::getUsersInGroup(4,1); push (@$contentManagers, $session{user}{userId});
- $clause = "userId in (".join(",",@$contentManagers).")";
+ $clause = "userId in (".quoteAndJoin($contentManagers).")";
 } else { $clause = "userId=".quote($self->getValue("ownerId")); }
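Review bot: quoteAndJoin returns the empty string for an empty array reference, which turns every `in (".quoteAndJoin($ref).")` caller into invalid SQL, and the new POD does not say so; add after the first paragraph a sentence such as `An empty array reference yields an empty string, so callers must omit the surrounding IN clause when the list is empty.` and fix the typo `seperated` to `separated`. Passing a false value as `dbh` also falls back to the default handler because of `shift || _getDefaultDb()`, which matches quote and is fine to keep as long as the POD says "a true value". Style-wise the loop collapses to `return join(",", map { $dbh->quote($_) } @$arrayRef);`. In the Wobject hunk the list always contains the current user's id, so it cannot be empty there.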